Discover why Essential ERM's is chosen by many over traditional GRC platforms for managing risk.
Vendor assistance launching and growing ERM program maturity
Vendor provides guidances, content and hands-on help to launch client ERM programs quickly for one low cost. A focused, expert vendor that understands ERM very well and can provide helpful expertise and advice.
Long, complex and expensive implementations. Most vendors focus on compliance and have limited experience in enterprise risk management.
Faster and more successful implementations.
SaaS Solution; Cyber security and data residency
Essential ERM is a secure SaaS appliction. Essential ERM does not make use of any public cloud infrastructure. Instead, Essential ERM runs in a private cloud environment in a SOC2, ISO27001 and NIST certified tier 4 datacentre.
SaaS may not be offered. If available, SaaS options typically have US data residency, subjecting data to US Homeland Security regulations. SaaS solutions also typically make use of public cloud infrastructure providers.
Secure SaaS options reduce the cost and complexity of implementing and managing an ERM solution, while improving overall process security. Canadian data residency means that client data is not subject to U.S. regulations. Use of security-certified private cloud infrastructure helps avoid security concerns of public cloud solutions.
Flexible cost model
Can start with as small as a single user, with declining costs and user counts grow. Lower cost "Contributor" users can participate in workflows (action plans, voting, KRIs) without the need to purchase full user licenses.
More expensive, high setup fees and large up-front commitments required.
Lower up-front and ongoing costs; lower total cost of ownership; reduced start-up risk; no hidden costs or surprise costs.
Flexible and responsive vendor
Essential ERM is built on a modern, flexible web platform, with new features being added continuously. Strong opportunity for clients to request new features and influence the future direction of the product.
Slow and complex to change and adapt; unable or unwilling to add new features quickly.
Faster vendor response; enables more flexibility in the ERM program; better fit between features and user requirements; lower support costs.
Extensible fields and functionality
Essential ERM allows administrators to add custom fields to risk records and to also attach additional documents, videos, process links and more through an easy and intuitive linking process.
Additional fields are treated as customizations and/or require support from the vendor to implement and administer.Some systems allow for document uploading, which is generally considered bad security practice, as it creates islands of data and circumvents the organization's data loss prevention policies.
The system can be tailored to an individual organization's needs without dealys or the need for up-front or ongoging development and maintenance costs.Linking provides a more flexible and secure solution than uploading documents, as it works within an organization's data protection and data loss prevention measures (rather than circumventing them).
Risk library
Admin users can create and manage access to libraries of standard risk templates. Users can browse libraries and create multiple new risks into custom risk registers with a single click.
Not supported or overly complex.
Useful when different user groups or departments are encouraged to rate a set of standardized risks for roll up reporting purposes. Also can be helpful for special project registers (e.g. considering standard projects during M&A activities).
Trending and historical analysis
All changes are tracked within Essential ERM for logging purposes and to generate historical views and trends over time. With the click of a button, users can view reports at any point in time and generate trending information for risks, indicators, strategies and more.
Either not supported or overly complex (requiring customization).
Executive and governance bodies prefer to review trend data rather than point-in-time figures (especially within established risk programs). Furthermore, point-in-time data often obscures changes that are occuring in an organization's risk posture that would be clearly visible much earlier through a review of trends. As a result, risk managers end up spending unproductive time attempting to create manual trend reports.
Flexible user types
Essential ERM provides multiple user types that are easily set up and managed by client administrators. User types include Admin Users, Standard Users, Read Only Users and workflow Contributors.
Can be complex to administer, often have to pay fees for full user seats when only limited access is required.
Clients save money by not paying full user fees when only limited access is required for some users. Also, more stakeholders can be directly involved in the risk management process though distributed workflows and read-only access. Limited access for some users also reduces complexity for those users, such that many can interact with reports and workflows without the need for any training.
Secure risk portfolios (locked departmental & divisional Views)
Administrators can set up protected risk portfolios that only authorized users can access. Departments or divisions can manage their own limited views, with information rolling up into enterprise views. Easy administration of risk roll ups.
Either not supported or overly complex.
Departments and user groups can securely and confidentially manage their own risks, with roll up reporting for authorized power users. Easier administration and reduced support costs. Can also be used to restrict access to risk information in sensitive areas (e.g., mergers & acquisitions, HR & succession planning)
Key risk and performance indicators (KRIs and KPIs)
Easy and intuitive method to track key metrics against expected tolerance levels. Provides alerts and notifications when changing situations may be affecting risk profiles and/or strategic objectives.
Either not supported or overly complex.
Greater responsiveness to changing internal and exernal conditions. Reduced costs and effort. More consistent attainment of strategic objectives.
Risk hierachies, dependencies and easy risk roll ups
Essential ERM easily links risks fordepartmental and enterprise views;links root causes and more. Supports easy but powerful risk roll up (and drill down) reporting.
Either not supported or overly complex.
Allows you to generate different risk views for different audiences and supports a distributed risk management program.
Dynamic reporting
Generate and download reports inseconds. Filter reports and drill downdynamically. Export data in structured format to integrate with 3rd party reporting, such as Power BI and Tableau.
Limited and inflexible reporting. Additional costs and time delays required to build custom reports. No download for integration into 3rd party reporting.
Dynamic and flexible reports allow you to respond in real time to executive questions; eliminate manual data manipulation. Ability to easily integrate risk data into other organizational reporting and dashboards in other tools. Risk managers and users spend less time manipulating data and are able to generate unique insights that cannot be achieved by spreadsheets and static reports in traditional GRC tools.
No internal set up or installation
Essential ERM is a secure web-basedsystem that can be set up in minutes.
Competitors are complex,time consuming and expensive to setup and support. There may be unanticipated hidden fees and internal support costs.
Faster setup, lower setup costs, lower costs of operation, better cost certainty with no hidden costs or fees.
Risk assessment workflows
Administrators can quickly set up and launch risk assessment workflows that guide users through their required risk assessment tasks.
Either not supported or overly complex.
Simplified workflows increase user acceptance and assessement completion rates, especially for casual users who interact with the system less frequently. Users stay engaged in the process and are more likely to view ERM as an easy and positive activity.
Automated action plan follow up
Automated reminders and follow upon action plans; solicit risk input fromacross the organization. Action plan managers do not need to be full paid users in the system.
Workflow capabilities are either limited or overly complex. Action plan managers must be full users, increasing licensing costs and training requirements.
Better follow through on action plans; lower licensing costs; lower training and support costs.
Integrated, real-time risk voting functionality
Real-time voting on risk and controlscoring supported through browsersand mobile devices. Risk votes can be created in seconds and results are automatically tabulated. Full user accounts and logins are not required for individuals to participate in risk votes.
Rarely supported or require dedicated hand-held "clicker" devices. Complex and time consuming to set up and tabulate results. Full user licenses often must be purchased for every voter.
Time savings, lower license costs and no device costs; use risk voting to engage a broader base of contributors; avoid groupthink and better engage business users.
Integrated risk bow tie functionality
Visual bow tie diagrams allow users to easily link causes, mitigations and consequences; display multiple risk scenarios in one intuitive diagram.Easily and intuitively follow many-to-many connections between root causes, controls/mitigations, consequences and risks.
Not supported.
The bowtie model has emerged as the leading workshoping and scenario analysis tool for enterprise Risk. Bow tie analysis improves user engagement and workshop effectiveness, resulting in better allocation of mitigation resources to lower cost and risk.Easy and intuitive root cause analysis.
Target risk functionality
In addition to risk appetite thresholds, Administrators can enable Target Risk features which allow Users to set likelihood, impact and residual risk scores that they wish to achieve for each risk.Admins can also easily turn off Inherent Risk functionality to simplify the user interface if Inherent Risk is not part of their process.
Either not supported or requires customization (or IT support).
Allows for clear planning and communication of desired future-state risk levels. Provides a simpler, more intuitive way to manage a complex subject and allows for simplification of the user interface.
Integrated risk appetite functionality
An easy and intuitive approach toenabling risk appetite in ERM programs and automating the tracking of risk levels relative to appetite thresholds. Essential ERM provides a high level of benefit without adding complexity.
Either not supported or overly complex.
Align board member, executive and management thinking on acceptable risk levels; promote a healthy risk management culture; quickly identify changing risk conditions that exceed acceptable threshold levels.
Ease of use and administration
From a user perspective, Essential ERM is easy and intuitive, guiding non-experts through the risk management process. From an administration perspective, configuration changes can be easily administered by internal resources, without the need for extensive training or to pay extra for external services. Features and screens can be easily enabled/disabled, labels can be edited, instructions uploaded, etc. to allow Admins to tailor Essential ERM to their processes without the need for IT support or customization.
Competitive systems are overly complex, limiting adoption among businessand executive users. Competitive systems often require paid projects with the vendor to perform configuration changes in the future, leading to unexpected costs and limiting ERM program flexibility.
Lower training and support costs, better engagement of executive and business users, better enablement of distributed risk management processes, improved ability to support a support a strong risk culture. No hidden or unexpected project costs in the future.
Configurable home screen dashboard
Admin users can select from an extensive library of dashboard components to tailor a home screen for their users. Home screen components display summary data specific to the user (e.g. "My Risks", "My Open Action Plans", etc.) with links that take users to filtered explorer windows.
Either not supported or overly complex.
ERM managers will find it easier to engage risk owners and business leaders to manage their own risks, by providing them an intuitive interface and simple workflows for each user to view their data and complete their work items (without the need to become system experts).
Objective Centric Risk
Essential ERM is designed around the central concept of strategic objectives. Users can easily align risk programs to strategic pillars/categories and strategic objectives.
Not supported, weakly supported, and or overly complex (requiring customization).
Engage executives and board members moreeffectively; provide context for risk; improved achievement of strategic objectives. Aligning risks with strategic objectives is a core principal in the current COSO and ISO31000 ERM frameworks.
Dedicated, best-in-class ERM functionality
Essential ERM is purpose-built for enterprise risk management performed by executive and business users, in alignment with ISO 31000 and COSO.
Traditional tools are usually an offshoot of compliance. As a result, their ERM functionality is unnecessarily complex and difficult to use and support, while lacking key features needed to support successful ERM programs.
Faster program setup, better program adoption and better engagement of executives and business unit leadership in the enterprise risk program. Faster realization of business value and better support of business decision making.
Optional Environmental, Social, & Governance (ESG) module
As an option, Essential ERM can be seamlessly integrated with the Essential ESG module, allowing fully integrated ESG program management, metric tracking & reporting with with enterprise risk and opportunity management. May also be combined with Essential Strategy. Collectively, this combined solution easily guides users through a best practice ESG program (including double materiality assessment) that would meet the compliance requirements of the ESRS, GRI reporting, TCFD, and more.
Some GRC vendors are beginning to offer ESG modules, but from a compliance only perspective and lacking support for many imporant processes needed to plan, build, execute, and monitor successful ESG programs.
Effective ESG programs are inherently integrated into the strategy and enterprise risk management programs of an organization. The optional integration offered by the Essentials platform allows for seamless data sharing and integrated business processes that engage business users more effectively and lead to better ERM & ESG outcomes with less cost and effort.
User-centric & ISO31000 based design (including native COSO alignment)
Essential ERM's structure, screen layouts and workflow are designed to guide the user through an ISO31000 based risk identification and assessment process. Users complete their work quickly and easily without needing to jump between many screens.
GRC systems are typically based on transaction intensive processes and follow a tabular design. Users must click through multiple tabs and screens to complete their work and do not have integrated visualizations from an ERM and strategy perspective.
Users do not need to become risk experts. If they follow the workflow of the system, they will be completing a best practice assessment, whether they realize it or not. Simplified workflows with fewer screens improve user enjoyment and long term engagement in the process.Integrated visualizations are an important part of the risk assessment process, facilitating better analysis and allowing business users to make easier inferences and connections between related data elements.
Optional Strategic Planning & Execution Module
As an option, Essential ERM can be seamlessly integrated with the Essential Strategy module, allowing fully integrated strategic planning and execution with enterprise risk and opportunity management.
Not supported; risk only.
Integration between ERM and Strategy is more important and drives more value than integrating ERM with compliance. Integration of ERM and Strategy seamlessly establishes ERM as a natural component of strategic planning and execution, making it much easier to build and maintain executive support for ERM processes.
